package sg.edu.nus.iss.cats.filters;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

import sg.edu.nus.iss.cats.controller.*;
import sg.edu.nus.iss.cats.model.*;
import sg.edu.nus.iss.cats.exception.*;

/**
 * Implementation of <code>javax.servlet.Filter</code> used to check if a valid user
 * session exists and the role of a user allows access
 *
 * @version $Revision: 1.0
 */
public class SessionFilter implements Filter{

    /**
     * The filter configuration object we are associated with.  If this value
     * is null, this filter instance is not currently configured.
     */
    private FilterConfig config = null;
    private String errorPage = null;
    private String loginPage = null;

     /**
     * Place this filter into service.
     *
     * @param filterConfig The filter configuration object
     */
    public void init (FilterConfig filterConfig) {

        this.config = filterConfig;
        ServletContext appl = config.getServletContext();
        this.errorPage = appl.getInitParameter("errorPage");
        this.loginPage = appl.getInitParameter("loginPage");
    }

    /**
     * Take this filter out of service.
     */
    public void destroy() {
        this.config = null;
    }

    /**
     * The <code>doFilter</code> method of the Filter is called by the container
     * each time a request/response pair is passed through the chain due
     * to a client request for a resource at the end of the chain.
     * The FilterChain passed into this method allows the Filter to pass on the
     * request and response to the next entity in the chain.<p>
     * This method checks for a valid user session and if the role provided matches
     * that of the user<br>
     **/
    public void doFilter ( ServletRequest request, ServletResponse response,
                        FilterChain chain ) throws IOException, ServletException {

        System.out.println("SessionAndRoleFilter: doFilter"+loginPage+errorPage);

        try {
            // Get the User.If there is some error, or the User is not found,
            // the user is not logged in

            HttpSession session = ((HttpServletRequest)request).getSession(false);
            if (session == null) {
                throw new NoLoginException("User not logged in");
            }
            UserSession userSession = (UserSession) session.getAttribute("USERSESSION");
            if (userSession == null) {
                throw new NoLoginException("User not logged in");
            }
            User user = userSession.getUser();
            if (user == null) {
                throw new NoLoginException("User not logged in");
            }

            chain.doFilter( request, response );

        } catch (NoLoginException e) {
            config.getServletContext().getRequestDispatcher(loginPage).
            forward(request, response);
            return;
        }
    }
}

